Integration Technologies Group, Inc. Uncompromising Performance
Agenda
- Current Market Information
- Overview of ISO 27001
- Overview of ISO 27001 Requirements, Controls and Assets
- Identify the Scope
- Overview of the Implementation Process
- Implementation Resources
- Overview of the Certification Process

ISO 27001 Adoption
- Interest continues to build.
- Heaviest volume of registrations are in: Japan, India, United Kingdom.
- Most popular industry sectors include: Information Technology, Other Services.
US Registrations
Overview of ISO 27001
- ISO/IEC 27001:2005 is an investment in the company's future.
- A risk-based management system to help organizations plan, implement, and maintain an information security management system (ISMS).
- Assists organizations by providing a structured, proactive approach to information security by:
  - Ensuring the right people, processes, procedures and technology are in place to protect information assets.
  - Minimizing possible harm to organizations caused by deliberate or accidental acts.

Overview of ISO 27001
- ISO/IEC 27001 defines the requirements for an Information Security Management System.
- The standard is designed to ensure that you select adequate and proportionate security controls that help you protect information assets and give confidence to interested parties, including your customers.
- ISO/IEC 27001 is not an IT-only standard; information is an organizational asset.
- The standard has no technology requirements, although there are IT-related controls, since the majority of information is held on your IT systems.
- Protect the Confidentiality, Integrity and Availability (CIA) of assets.
Overview of ISO 27001 (cont'd)
[Diagram: ISMS model. Interested parties provide information security requirements and expectations as input; the ISMS delivers managed information security as output to interested parties.]
ISO 27001 Requirements
ISO 27001 Mandatory Requirements
ISO 27001 Controls
Control Areas:
- A.5 Security policy
- A.6 Organization of information security
- A.7 Asset management
- A.8 Human resources security
- A.9 Physical and environmental security
- A.10 Communications and operations management
- A.11 Access control
- A.12 Information systems acquisition, development and maintenance
- A.13 Information security incident management
- A.14 Business continuity management
- A.15 Compliance
Are all controls applicable in every scenario?

ISO 27001 Assets
An Asset is defined as anything that has value to the organization. Don't forget the scope of the Standard is: to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO 27001 Asset Identification
ISO 27001 Scoping
Sample scope statement: "Protection of company and customer information in the provision of Information Technology equipment, software and services to public and private sector organizations. The ISMS is managed in accordance with the Statement of Applicability dated 07/29/2011."

Implementation Overview (timeline from today into the future)
1. Determine Scope
2. Develop Policy
3. Identify Assets, Risk Assessment
4. Controls and Objectives, Risk Treatment
5. Finalize mandatory procedures and controls
6. Create Statement of Applicability
7. Collect Evidence of conformance
8. Internal Audits, Management Review
9. Stage 1 Assessment
10. Stage 2 Assessment
11. Certificate Receipt
Resource Identification
Summary
Summary
- ISO 27001 is a risk-based security standard with a focus on business operation, not just IT.
- Remember: implementation speed will be dependent upon resource commitment, desire, and current infrastructure.
- By standardizing a common approach, the implementation timeline can be reduced.
- Carefully analyze the controls to determine if they apply to your situation and provide value to your security management system.
- Maintain management commitment and support throughout the implementation.
- Define a strong project plan and measure the results frequently.

Contact Us
Name: Markus Darby
Title: Vice President QS & P, Integration Technologies Group, Inc.
Address: 2745 Hartland Road, Falls Church, VA 22043
Telephone: 571-422-0061
Email: markus.darby@itgonline.com
Links: www.itilsoftware.net